I am trying to use Wireshark to trace a conversation between a server and client. I ran the Wireshark capture and have the file in front of me. But I have some questions I was hoping experts could help with:
i) I want to view the source and destination ports.... I went to "Edit Preferences" and added a column for Source Port and Destination Port. But - in the view, they are labelled as "New Column" and "New Column", the option to name the Column in "Edit Preferences" is greyed out, anyone know how to change this?
ii) When the capture starts, for the Columns I added, sometimes I can see the port number, sometimes the name of the protocol (I assume that's what it is)... how can I change it so that only the port NUMBER is displayed?
iii) I would like to see which device initiated a conversation. Sure, I can see Source IP and Destination IP, however I don't know which one actually started the conversation. I assume I need to look at the "Info" tab, there are entries there such as "ACK" and "PSH, ACK" - does anyone know how these can help me?
iv) Also in info, I can see the "Seq" number, and the "Ack" number, what do these relate to?
v) Is there any way to right click a packet and view the entire conversation related to that packet (as in highlight the entries in the display)?
Any help would be much appreciated!!!!